Your Car May Be The Latest Target For Hackers As Vulnerabilities In Wireless Key Fobs Are Detected

Your Car May Be The Latest Target For Hackers As Vulnerabilities In Wireless Key Fobs Are Detected

September 19, 2014News

Gone are the days where a shattered window was the only telltale sign of a car break-in. At the Black Hat conference last month, Silvio Cesare, an Australian researcher, revealed a technique demonstrating how to spoof the signal from a wireless key fob and unlock a car without leaving any physical evidence behind.

How does this work exactly? The hacking technique involves a codebreaking attack made possible by a series of off-the-shelf tools. Cesare started with a software-defined radio, a device that can digitally emit or pick up frequencies to include Bluetooth and WiFi. Upon attaching this radio, an antenna and amplifier, he was able to successfully transmit the same frequency as the wireless key fob.

He performed a “brute force” attack, or exhaustive key search, to crack the code by systematically checking all keywords to find the code that would unlock the car. Although the tools cost an impressive $1,000 to purchase, Cesare said he is fairly certain that the radio equipment used in the attack will get progressively cheaper and potential hackers will continue to refine his technique.

There are some caveats to this method. The car and key fob use a rolling code that changes with each use and the attacker must identify a portion of the unlocking code prior to completing the attack. The individual would need to eavesdrop on one lock/unlock command sent from the victim’s key fob to pick up the car’s unique code prior to issuing the spoofed unlock command.

Whatever the case may be, Cesare intends for his research to serve as a warning to automakers for future models. He declined to make the code or his tools available to the public in the event individuals with bad intentions may seek to imitate his attack.

Related Posts

It’s widely held knowledge that using a single factor for authentication to wireless networks is less than secure and easily exploited by hackers. Many organizations recognize this and utilize Multi-Factor Authentication (MFA) to an extra layer of protection. Each additional …

Cybersecurity is one of the most dynamic and complex industries in the world today. A business that provides cybersecurity software or products is not just competing against other companies; they’re competing against countless peoples’ ingenuity. To protect networks, servers, users, …

Defcon 2015 (ahem, excuse us, DEF CON® 23!) took place this last weekend in Las Vegas, preceded by a week of Black Hat 2015. As always, we look for the odd and interesting in the world of wireless security. A …